
[UK] Safety measures for your phone in case you get busted?

I understand a Pixel with GrapheneOS is the golden standard for safety and all, but how much would it protect you in case you get busted for a drug case and they take your phone?

I saw this video of how the police have crazy access to everything in your phone once they've got it, every message, every website you visited and all... Is there anything I can do to minimise the use of my phone in case I get busted and it ends up in LE hands? Does a Pixel with GrapheneOS hold any value in this scenario?

What could I do to make sure my phone would be of little use in the LE hands in UK? Of course, the "don't get busted" reply is obvious, but I'm just trying to think of all the possibilities in advance and prepare.

Also we all do take precautions and all, but if we DO get busted with drugs and there is no path ahead for LE from us because we took all these measures that we do, does it really help our case and how? Does it help if they got us but they got no other lead from us?
/u/JosephWeil
2 points
4 months ago
Cyanide pill hidden in a secret cavity in one of your teeth. The cops never expect it and it works quickly!
/u/root P
2 points
4 months ago
The data you see in videos is retrieved using exploit tools like Cellebrite UFED, which does not work in BFU (Before First Unlock) mode. If you get busted and your phone is encrypted, which is the default as far as I know, just turn the phone off. When the police turn it back on, it will be in BFU mode until you enter your PIN or passcode. When the phone is in BFU mode, the phone has not completed booting and the filesystem is encrypted. Breaking this encryption is near impossible in general and impossible for law enforcement. If you do not have a chance to turn off your phone, GrapheneOS in particular will do it automatically after an inactivity period of 3 days. During this 3 day period, where your phone would likely be in evidence, the phone is in AFU (After First Unlock) mode. Even in this AFU state, where normal devices would be vulnerable, GrapheneOS stands strong against all known exploits. Law enforcement would need to develop a new exploit within 3 days to break GrapheneOS, which is again impossible for them.
/u/tribalseed
1 points
4 months ago
i have a pixel, would i need to be rooted to get that os? i tried rooting before but had no luck
/u/root P
1 points
4 months ago
No. Rooting reduces your security.
/u/ShroomDepot
1 points
4 months ago
No root necessary. If you do try to install GrapheneOS, back up your files FIRST!
/u/Proctor 📢
1 points
4 months ago
Good to know, thank you. It's difficult to believe the LE doesn't have a way to access phones. Also I don't know how things changed since I was recently seeing in the news that Apple kinda gave up their users' security to the UK government following changes in laws or smtn... this is why I am thinking if it's worth switching to a Pixel.

Tbh idk what use all this would be if they find drugs in my house, which they would, but oh well....
/u/esotericnothing
1 points
4 months ago
This is not true, the police just have to use a currently unknown or unpatched 0day exploit. Which are known to be sold in opaque networks among LE, intel, mil, private security contractor, and gray/blackhat circles.

The reality is, there are plenty of exploits which aren't publicly known; the value is in keeping them secret.

Additionally, the reality of open source projects is that, while security, privacy, or anonymity may be a focus, there is often a lack of funding and resources which is not magically overcome simply by the design choice of making a project open source. Making the code open source also can speed development of exploits, which are then not disclosed as per best practices, and instead are stockpiled.

You can see there are many examples of exploits being discovered in code years, even decades after the code was originally pushed. While there is often no evidence of this exploit being implemented or used by any known actors, the absence of evidence is not the evidence of absence.

That said, if your phone is encrypted (most modern smartphones are), and it's in BFU mode (before first unlock; as in, you power it off before losing custody of the phone, or otherwise have the device triggered or automatically programmed to power off and/or factory reset wipe the device under certain conditions (Ripple and Wasted on F-Droid are examples of Android/GrapheneOS platform software which can be used to remotely wipe your device) such as the entry of an incorrect distress password, the phone being on for a certain length of time without rebooting, or receiving an SMS/Signal message containing a secret code)... there are many different failsafes and deadman switches which can ensure that your phone turns off and also wipes itself, in the event that you have your phone confiscated.

Android and iOS of the most recent version also have 3-day timers where the device will automatically reboot if it has been on without rebooting in that period. In GrapheneOS and with Wasted/Ripple, I believe you can shorten this timer too.

If you have your shit properly set up, getting raided shouldn't mean your data is compromised. In fact, it's what you are doing while the phone is unencrypted, open, that is way more likely to leak your data, compromise your opsec, and lead to you getting raided in the first place. Mobile operating systems are a nightmare of unpatched vulnerabilities and ways to fuck yourself over, even if you don't do anything on the mobile device...simply leaving it connected to, or merely nearby (if the wifi AP is open, or even just without WPA3 encryption) the same wifi that you are using your TAILS OS or QubesOS device...yeah, this can be enough to cause problems.

Think about how many smartphones are around you at any given moment. Is your neighbor, roommate, really using an even reasonably secure device? What might they be doing, which you are unaware of, that may lead to LE or others surveilling you by proxy?

These are the concerns and considerations which you should have, while constantly evolving and developing your operational security plan.
/u/root P
1 points
4 months ago
Didn't read this. The beginning saying low level law enforcement would have and waste a million dollar zero day on some random low level drug dealer made me immediately disinterested in your opinion.
/u/esotericnothing
1 points
4 months ago
they don't need to "waste" anything, they can simply refer an image of the phone's data to their local DHS fusion center and then have a different agency hire a private contractor to crack it for them.

there are companies that exclusively contract with LE to do this. they then often don't even need to disclose the means of accessing the data in court filings, especially if they can use parallel construction.

these kind of 0days aren't just, used once. they are kept secret as long as possible by the people who sell and trade in them. because, well, they are worth millions of dollars...

this kind of misconception is very common here. it is likely that 0days are implemented on drug war targets with some regularity, without the knowledge of those targets.

even so, known exploits of vulnerable, outdated phones and other unpatched tech is even easier, and is also common. federal LE have entire toolkits of RATs and other software designed to hack into specific targets.

That said, I'm not into spreading meaningless FUD...I just think it's foolish to think that 0days aren't used on targets, by companies that have an entire business strategy of selling these kind of services specifically to LE and intelligence agencies, etc...

Still, you can mitigate a lot of the worst damage by using a supported, updated GrapheneOS phone, that you bought used with cash, flashed yourself, and then installed/config'd Wasted.apk onto. This should be your takeaway, since you didn't bother reading the post. Hopefully, you already knew this and either, stayed way the fuck away from smartphones, or at least already did all this.
/u/[deleted]
1 points
3 months ago
This is bullshit - Look at the UK, they just stopped a LAW to let Apple fully encrypt backups.
This means they already have a way to access encrypted backups - Most likely for high level cases, not just a normal dealer.
They 100% have access to certain things on iOS, I know this personally, Android they deffo have access - I've seen it.

Do not underestimate LE - becoming complacent will be your biggest mistake. On a documentary recently they got deleted iOS notes from a device. They can get data, so don't think you're so smart and keep shit on your phone. Encrypt everything in SHA256 with your own salt, then they have a problem.

Android you're fucked
Burner you're super fucked
/u/Proctor 📢
1 points
3 months ago
Good to know, I should change my phone soon then. Mind me asking what is SHA256 and "salt"? Are these regarding phones? What phone do you think is best for this threat model?
/u/[deleted]
1 points
3 months ago
Honestly, they can get data from most devices. My best advice is encrypt things twice if it's really important. A salt is what you put with encryption

So say you encrypt something which is "test" it might be xasddgfkl .... some encryption (not all) will repeat the same output xasddgfkl. So normally you append to the start or the end a salt which is a random string, so instead of mypassword you would use mysalt_mypassword. This adds an extra layer of security as even if someone knows your encryption keys, they can't decrypt without the salt.
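What a salt does in practice, as an added example that is not part of the original thread: SHA-256 is a one-way hash rather than encryption, and a salt is a random, non-secret value stored next to a password hash so that identical passwords give different hashes and precomputed lookup tables stop working. The iteration count, the sample passwords and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed, illustrative work factor for the demo

def unsalted_digest(password: str) -> str:
    """Plain SHA-256: deterministic and one-way; there is nothing to decrypt."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed sample of a precomputed table (digest -> password).
COMMON = ["123456", "password", "mypassword"]
TABLE = {unsalted_digest(p): p for p in COMMON}

def table_lookup(digest_hex: str):
    """Return the password if the digest appears in the precomputed table."""
    return TABLE.get(digest_hex)

def make_record(password: str) -> dict:
    """Salted, iterated hash. The salt is random and stored in the clear."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": dk.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             record["iterations"])
    return hmac.compare_digest(dk, bytes.fromhex(record["hash"]))

def demo() -> dict:
    pw = "mypassword"  # constructed sample input
    a, b = make_record(pw), make_record(pw)
    return {
        # Without a salt the same input always hashes the same way,
        # so a precomputed table resolves it instantly.
        "unsalted_found_in_table": table_lookup(unsalted_digest(pw)) == pw,
        # With a per-record salt, equal passwords give unequal hashes
        # and the table no longer matches.
        "salted_records_differ": a["hash"] != b["hash"],
        "salted_found_in_table": table_lookup(a["hash"]) is not None,
        # The salt is not a second secret: it sits in the record and
        # verification needs only the password.
        "verifies_with_stored_salt": verify(pw, a) and verify(pw, b),
        "wrong_password_rejected": not verify("mypassword2", a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```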
/u/Proctor 📢
1 points
3 months ago
I understand that with Pixel GOS you can set up a password which if introduced instead of your normal "unlock" password, it erases everything on the device? Is this doable, is it effective?
/u/[deleted]
1 points
3 months ago
No idea. I would not trust any company and its claim to be honest, they have boot software to stop this kind of thing.
/u/switchbladehologram
1 points
3 months ago
First off, don't do business on your regular phone, have a burner that has no service and operates only on wifi.

Second, don't be scared to destroy your device quickly. Most phones break fairly easily, slamming it into the pavement works remarkably well. Remember to fold it to destroy the internals as much as possible. Alternatively, there is a small device you can buy on most any market, dark or not, it fries the internals of any device you are using, just plug it in, and ZAP, the device is permanently dead and all data is lost. Have that ready to go at a moment's notice. I think some can be left in the device and function as a case until needed. Lift a safety, press a switch, pop, device is a paperweight that may catch fire if the battery ignites.

Lastly, if you are stupid enough to meet with someone, or have product delivered to or sent from your home, you get what you fucking deserve.
/u/justaguy12314
1 points
3 months ago
I'm just gonna say that I know a big time dealer who has never been to jail who uses dumb phones.

I'm guessing that as long as police can't connect you to the phone i.e no link between you and cellsite then all they can do is confiscate it.

Pretty sure you could have your prints on it, be caught with it on you but if you're clean you could just say you was holding it for a friend or just needed a phone or whatever.

Unless they can prove *you* were using it *to sell* I think you'll bust case.